hosted by liquidweb


Go Back   Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : <2.4.23 kernel warning!
Reply

Forum Jump

<2.4.23 kernel warning!

Reply Post New Thread In Hosting Security and Technology Subscription
 
Send news tip View All Posts Thread Tools Search this Thread Display Modes
  #1  
Old 12-18-2003, 11:55 PM
H2 H2 is offline
Web Hosting Master
 
Join Date: Feb 2001
Posts: 617
*

<2.4.23 kernel warning!


Linux Kernel do_brk() Vulnerablility

Highly recommend to upgrade to v2.4.23 (I tested exploit code on my own server )

http://www.securiteam.com/unixfocus/6R0012095O.html

__________________
Alex




Sponsored Links
  #2  
Old 12-19-2003, 12:08 AM
blackmoont blackmoont is offline
Web Hosting Guru
 
Join Date: Apr 2003
Posts: 267
But i dont know which version kernel in my box !! how to know which version then ?

  #3  
Old 12-19-2003, 12:14 AM
H2 H2 is offline
Web Hosting Master
 
Join Date: Feb 2001
Posts: 617
run from SSH:

uname -a

__________________
Alex


Sponsored Links
  #4  
Old 12-19-2003, 12:58 AM
The Prohacker The Prohacker is offline
iNET Interactive
 
Join Date: May 2001
Location: Dayton, Ohio
Posts: 4,894
http://www.webhostingtalk.com/showth...hreadid=212652


If they haven't upgraded yet they prolly never will

__________________
-Mat

  #5  
Old 12-19-2003, 01:20 AM
eBoundary eBoundary is offline
Web Hosting Master
 
Join Date: May 2003
Location: Philadelphia
Posts: 968
Or they are already owned The exploits are very readily available and I'm sure many people have script kiddie wannabe's as clients

__________________
http://www.eBoundary.com - Let us help you expand your eBoundaries!
Fast, Secure and reliable FreeBSD shared, reseller and dedicated hosting.
FREE Peace of mind with every account!

  #6  
Old 12-19-2003, 01:53 AM
sprintserve sprintserve is offline
Retired Moderator
 
Join Date: Jan 2003
Posts: 9,004
I upgraded it weeks ago. On the 1st of December of so.

__________________
Like us on Facebook to qualify for discounts!
http://www.sprintserve.net
Offering: | Internap FCP Bandwidth! | Rebootless Kernel Updates! | Magento Optimized Hosting | Wordpress Hosting |
Services: | Managed Multiple Cores 64bit Servers | Server Management |

  #7  
Old 12-19-2003, 03:25 AM
ub3r ub3r is offline
Disabled
 
Join Date: Dec 2002
Location: chica go go
Posts: 11,858
doesn't work on redhat 9 machines, i tested it on my own machine running 2.4.20-24.9 and another machine running 2.4.20-20.9smp and each of them compiled correctly, but do not execute due to a segmentation fault .

  #8  
Old 12-19-2003, 03:36 AM
sprintserve sprintserve is offline
Retired Moderator
 
Join Date: Jan 2003
Posts: 9,004
That's because 2.4.20.24.9 is the patched version that Redhat released.

__________________
Like us on Facebook to qualify for discounts!
http://www.sprintserve.net
Offering: | Internap FCP Bandwidth! | Rebootless Kernel Updates! | Magento Optimized Hosting | Wordpress Hosting |
Services: | Managed Multiple Cores 64bit Servers | Server Management |

  #9  
Old 12-19-2003, 05:39 AM
The Prohacker The Prohacker is offline
iNET Interactive
 
Join Date: May 2001
Location: Dayton, Ohio
Posts: 4,894
And yes it does work on an unpatched RH9 server.. Happened to have to recover one that was with that very exploit.. The c source was interesting..

__________________
-Mat

  #10  
Old 12-19-2003, 06:12 AM
blackmoont blackmoont is offline
Web Hosting Guru
 
Join Date: Apr 2003
Posts: 267
I'v read a lot of "how to" kernel update and really want to do it myself but it look danrgous and i ..scare

  #11  
Old 12-19-2003, 06:26 AM
HaShoo HaShoo is offline
Junior Guru Wannabe
 
Join Date: Aug 2003
Location: Mars
Posts: 86
blackmoont, You can always try rpm version's of kernel. If you use redhat then you can use up2date to upgrade your kernel automatically..

__________________
./HaShoo

  #12  
Old 12-19-2003, 07:08 AM
blackmoont blackmoont is offline
Web Hosting Guru
 
Join Date: Apr 2003
Posts: 267
Yes , i am using redhat 9 but are there anything risk if i use up2date ?

  #13  
Old 12-19-2003, 07:17 AM
RSanders RSanders is offline
Web Hosting Master
 
Join Date: Feb 2003
Location: Detroit
Posts: 799
Quote:
Yes , i am using redhat 9 but are there anything risk if i use up2date ?
Only if you compiled any modules against the kernel. It's more common in a desktop situation than a production server, but if you have any customizations to the kernel then you may have issues.

If you installed default redhat, and it worked, then your fine. If your on a hosted platform, hopefully your hosting company isn't stupid enough to put you on hardware that requires custom builds.

  #14  
Old 12-19-2003, 07:44 AM
blackmoont blackmoont is offline
Web Hosting Guru
 
Join Date: Apr 2003
Posts: 267
My server place at American Datacenter . I am using RedHat 9 and apache compliled with phpsuexec , cpanel . That's all . Anything dangrous if i run up2date ? Pls give me some comment and let me have enough brave to update kernel myself . .

  #15  
Old 12-19-2003, 07:45 AM
blackmoont blackmoont is offline
Web Hosting Guru
 
Join Date: Apr 2003
Posts: 267
argg, i have about 300 hosting account in my 2 server , so if i do something wrong , my neck will be cut off

Reply

Related posts from TheWhir.com
Title Type Date Posted
Megaupload Servers Remain Disconnected in Carpathia Storage Facility, Two Years After Raid Web Hosting News 2014-04-07 12:01:07
Europe Wants to Govern the Cloud Blog 2013-10-07 12:31:16
Linux Kernel 3.10 Sees Most Developer Contributions Ever Web Hosting News 2013-09-16 13:17:24
UK Tech Blog Challenges CloudFlare, Web Hosts on Free Speech Blog 2013-08-12 10:32:52
LeaseWeb Responds to Claims It Erased MegaUpload Servers Without Warning Web Hosting News 2013-06-19 16:52:36


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Postbit Selector

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump
Login:
Log in with your username and password
Username:
Password:



Forgot Password?
Advertisement:
Web Hosting News:



 

X

Welcome to WebHostingTalk.com

Create your username to jump into the discussion!

WebHostingTalk.com is the largest, most influentual web hosting community on the Internet. Join us by filling in the form below.


(4 digit year)

Already a member?